Hello and Welcome to the Blog of Kevin Fason! This is my Day to Day Technical Journal. Currently I am the End User Computing Architect for a large Engineering firm in Denver. Had various roles over the years from Communications (PBX & Voicemail) , Administration, even IT Global Manager. Deployment is a big part of my mindset (OSD, MDT, going back to dd) so I have come across lots of scenarios and issues working for a firm that's on all the continents and zillions of countries.

Wednesday, February 14, 2018

Dell OneShot Driver Update

Sometimes when there is a problem with a machine an older driver is at fault. For firms that have standardized on Dell they have provided a nice tool call Dell Command | Update. This is a nice tool Dell made to keep their business lines (OptiPlex, Precision, or Latitude for example) driver sets up to date.

It installs an agent that runs on a schedule (monthly by default) to keep the system up to date on drivers. It queries drivers from Dell directly (or via an on site repository) so you can get the latest drivers easily and automatically. As my firm has very few egress points, I chose not to use it in this capacity however it does have a CLI executable! While we use ConfigMgr to do driver management as issues dictate (needing newer nVidia non ISV driver for example), I put together a package in ConfigMgr for the techs to manually update all drivers on a device when it comes in for service. Known as the "OneShot Driver Update".

You can find install instructions to get Command | Update installed on a PC. Once installed, just copy the install folder to a source folder in SCCM. I created two BAT Files that perform the following:

Remove logs from a previous run

Pause Bitlocker

Update Drivers

Resume Bitlocker if no restart needed

Optionally copy the logs to a server location

As you are generally updating drivers that impact the boot chain (yes the video driver at times) you need to pause Bitlocker. Older versions of the tool did not handle Bitlocker, which is what started me down the path of a simple BAT wrapper for the tool. The Update drivers bullet above is handled via a specific BAT and custom XML file though I have though about doing a menu in the BAT at some point to combine them. For the XML, you can create it in the GUI version of the tool then save it out and therefore use it to update only the categories you want.

I have created two file sets. One that does all device drivers yet skips applications. The second only updates the system firmware, aka BIOS or UEFI. You just run the appropriate BAT as an admin. They are even called '_RunAsAdmin.BAT'.

For SCCM we just have a package with both BATs called out as Programs and have them published via our internal Package Downloader Tool (PDT). Otherwise you can simply advertise it as available to be ran from Software Center. Or just put on a network location somewhere.

Download

This Script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this Script. Always test, test, test before rolling anything into a production environment.

2 comments:

Hi Kevin.I just found you post and your script. I have a question - you set a schedule with your policy files. Doesn't that mean that the DCU will run on a schedule - and that will be a problem if it installs a bios, because it won't pause the Bitlocker next time, correct?

From reading the documentation and my experience with this, a schedule is not set even if you have Command Update installed on a machine. I'm assuming it ignores the settings it doesnt need such as schedule settings. I checked today as I have Command Update installed but set to manual, on export it still had monthly and running dcu-cli did not change it to monthly.